PROBLEM TO BE SOLVED: To provide an authentication
method that removes the need to log in with a user
identifier (ID) and password for every job execution
request, so that operatorless job operation is
possible even for distribution at night to an
unmanned terminal that requires authentication.

SOLUTION: In this authentication method, when a
client machine logs in with a user ID and password
that the server authenticates, or when its validity
is proven by the server receiving a client
certificate that has been transmitted to it, the
server distributes a uniquely determined machine ID
to each client machine. By using the distributed
machine ID for subsequent client authentication,
log-in with the user ID and password for each job
execution request from the client becomes
unnecessary and the certifying
* NOTICES *

JPO and NCIPI are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original
precisely.

2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.



CLAIMS 



[Claim(s)] 

[Claim 1] An authentication method in a system in which an authenticating computer and a plurality
of computers to be authenticated are connected over a network, the method comprising: a step of
transmitting a user ID and password entered at said computer to be authenticated to said
authenticating computer; a step in which said authenticating computer verifies that the received
user ID and password belong to a valid user; a step of transmitting, when the user is verified as
valid, a machine ID, which is an identifier specifying said computer to be authenticated, from said
authenticating computer to said computer to be authenticated; and a step of authenticating, after
said machine ID has been transmitted, said computer to be authenticated by having it transmit said
machine ID to the authenticating computer.
[Claim 2] An authentication method in a system in which an authenticating computer and a plurality
of computers to be authenticated are connected over a network, the method comprising: a step of
transmitting a user ID entered at said computer to be authenticated, together with a certificate,
to said authenticating computer; a step in which said authenticating computer verifies the user of
said user ID by the received certificate; a step of transmitting, when the user is verified as
valid, a machine ID, which is an identifier specifying said computer to be authenticated, from said
authenticating computer to said computer to be authenticated; and a step of authenticating, after
said machine ID has been transmitted, said computer to be authenticated by having it transmit said
machine ID to the authenticating computer.

[Claim 3] The authentication method by machine ID according to claim 1 or claim 2, wherein said
authenticating computer, on receiving said machine ID from said computer to be authenticated,
authenticates said machine ID, identifies the user who made the authentication request when that
machine ID was assigned, and confirms whether the requested job is one that the user concerned is
permitted to execute.

[Claim 4] The authentication method by machine ID according to claim 1 or claim 2, further
comprising a step of taking a backup of said machine ID and a step of recovering the machine ID
from this backup.

[Claim 5] The authentication method by machine ID according to claim 1 or claim 2, further
comprising a step of deleting said machine ID registered in said authenticating computer by an
operation from the authenticating computer side or from the side of the computer to be authenticated.



DETAILED DESCRIPTION



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to an authentication method for an environment in
which a plurality of machines to be authenticated, distributed over a network, access the
authenticating machine to have jobs executed, and in which authentication uses a unique machine ID
(identifier) assigned to each machine to be authenticated.
[0002] 

[Description of the Prior Art] With the spread of Internet/intranet environments in recent years,
the way programs and data are distributed in such environments has been shifting from the
conventional form, in which the server side broadcasts to two or more clients, toward an
inquiry-response form in which a client user or client system actively issues an inquiry to the
server side and the server side answers it.

[0003] In this form, when a client (the side to be authenticated) sends a distribution request to a
server (the authenticating side) through a network, it needs to prove its own legitimacy (undergo
client authentication). One method of authenticating a client on a network, as in the "security
method" of JP,2-16669,A, transmits the user ID and password entered by the client-side user to the
server side, which checks them to establish the legitimacy of the client. With the machine
authenticated in this way, programs and data are distributed to the machine concerned. Moreover, as
in the "user authentication method" of JP,5-35678,A, there is a method that enables log-in without
sending the password over the network, in order to raise the confidentiality of the password.
[0004]

[Problem(s) to be Solved by the Invention] Thus, in an Internet/intranet environment, a client must
be authenticated by the server side every time it issues a job execution request, for example a
distribution request for a program or data, so the client-side user must log in with the user ID
(or user ID and password) registered in the server-side database for every distribution request. To
distribute, for example, a large program to a client at night, when line traffic is light, either
an operator has to log in and issue the distribution request in the middle of the night, or the
client machine has to be left in the logged-in (authenticated) state with the user ID and password
overnight so that the client can issue the distribution request to the server automatically at an
arbitrary time. However, the former poses an operational problem and the latter a security problem.

[0005] Moreover, for program or data distribution there is a need to distribute to the computer
itself rather than to a user (person) of the client (the users who can log in to that computer share
it, and each can use or refer to what was distributed), and this requires a function by which the
server side authenticates the computer itself, not the user (person) who logs in to it. However, the
two approaches mentioned above do not describe a method of authenticating the client machine itself.

[0006] The purpose of this invention is to provide, for environments such as the Internet/intranet
where client authentication is indispensable, an authentication method that makes log-in with the
user ID and password unnecessary for every job execution request and that enables operatorless
operation even for distribution at night to an unattended terminal that requires authentication,
without resorting to approaches that pose operational or security problems: having an operator log
in in the middle of the night to request job execution from the server, or leaving the client
machine in the logged-in state with the authenticated user ID and password overnight and requesting
job execution at an arbitrary time.
[0007] Another purpose of this invention is to provide an authentication method by which the server
side can authenticate not the user (person) of a client but the client computer itself.
[0008] 

[Means for Solving the Problem] To attain the above purpose, the invention according to claim 1 is
an authentication method in a system in which an authenticating computer and a plurality of
computers to be authenticated are connected over a network, characterized by having: a step of
transmitting a user ID and password entered at said computer to be authenticated to said
authenticating computer; a step in which said authenticating computer verifies that the received
user ID and password belong to a valid user; a step of transmitting, when the user is verified as
valid, a machine ID, which is an identifier specifying said computer to be authenticated, from said
authenticating computer to said computer to be authenticated; and a step of authenticating, after
said machine ID has been transmitted, said computer to be authenticated by having it transmit said
machine ID to the authenticating computer.

[0009] The invention according to claim 2 is an authentication method in a system in which an
authenticating computer and a plurality of computers to be authenticated are connected over a
network, characterized by having: a step of transmitting a user ID entered at said computer to be
authenticated, together with a certificate, to said authenticating computer; a step in which said
authenticating computer verifies the user of said user ID by the received certificate; a step of
transmitting, when the user is verified as valid, a machine ID, which is an identifier specifying
said computer to be authenticated, from said authenticating computer to said computer to be
authenticated; and a step of authenticating, after said machine ID has been transmitted, said
computer to be authenticated by having it transmit said machine ID to the authenticating computer.

[0010] The invention according to claim 3 is characterized in that, in claim 1 or claim 2, said
authenticating computer, on receiving said machine ID from said computer to be authenticated,
authenticates said machine ID, identifies the user who made the authentication request when that
machine ID was assigned, and confirms whether the requested job is one that the user concerned is
permitted to execute.

[0011] The invention according to claim 4 is characterized by having, in claim 1 or claim 2, a step
of taking a backup of said machine ID and a step of recovering the machine ID from this backup.
[0012] The invention according to claim 5 is characterized by having, in claim 1 or claim 2, a step
of deleting said machine ID registered in said authenticating computer by an operation from the
authenticating computer side or from the side of the computer to be authenticated.
[0013] 

[Embodiment of the Invention] Embodiments of this invention are explained below with reference to
the drawings.

[0014] Drawing 1 is a client/server system configuration diagram to which the authentication method
by machine ID according to this invention is applied. In drawing 1, 1 is a server that sits above
each section server and client and authenticates the subordinate section servers and clients; 2 is
a section server that is authenticated by a higher-level server and authenticates its own
subordinate section servers or clients; and 3 is a client that is authenticated by a higher-level
server or section server. This invention can be applied in any of these cases: when a client 3 is
authenticated by the higher-level server 1, when a client 3 is authenticated by the higher-level
section server 2, when the section server 2 is authenticated by the higher-level server 1, and when
a section server 2 is authenticated by a higher-level section server 2. From drawing 2 onward, the
case where a client is authenticated by a higher-level server is explained as the example; the same
configuration and procedure apply to the other cases.

[0015] Drawing 2 shows, as one embodiment of this invention, an example configuration in which one
or more clients 21 that issue distribution requests for programs or data, and a server 12 that
authenticates the client before distribution when it receives a distribution request from it, are
connected through the network 11.
[0016] In drawing 2, 11 is a network that physically and logically connects the servers and clients
described below and serves as the medium for distributing programs and data. 12 is a server that
performs client authentication processing and transmits programs and data to clients. 13 is the
client authentication processing section, which authenticates the user ID and password, and the
machine ID, sent from a client. 14 is the machine ID control section, which assigns a machine ID
when the user ID and password sent from the client have been authenticated. 15 is the program data
transmitting processing section, which transmits programs and data in response to a distribution
request from a client. 16 is the database, an external device that stores the information on client
authentication and program data distribution. 17 is the server information management table, which
holds the information stored in the database 16 in the primary storage (memory) of the server. 18
is the managed table access section, which accesses the database 16, an external device, or the
server information management table 17 held in the primary storage (memory) of the server. 19 is an
operating station with which a server manager or the like updates and refers to information such as
the client authentication table and the machine ID managed table.

[0017] Moreover, 21 is a client that sends the server 12 requests for its own authentication and
for distribution of program data. 22 is the client authentication demand section, which requests
authentication from the server using the user ID and password entered by the client user and, after
authentication, the machine ID assigned by the server 12. 23 is the machine ID deletion demand
section, which requests the server 12 on the server side to delete a machine ID that was once
assigned. 24 is the client information management table, which manages information on the client
user and the client machine (user ID, password, machine ID). 25 is the backup acquisition section /
recovery section, which backs up the machine ID assigned by the server 12 to an external device 27
such as an FD (floppy disk) or, conversely, recovers the machine ID from the backup on the external
device 27. 26 is the program data reception section, which requests distribution of programs and
data from the server 12 and receives what the server 12 actually distributes. 27 is the external
device that stores the backup of the machine ID. 28 is an operating station with which the client
user directs backup of the machine ID assigned by the server 12 to the external device 27, recovery
from the external device 27, deletion of the machine ID, and so on.

[0018] Drawing 3 is an example of the client authentication table used to authenticate the user ID
and password sent from the client 21 in the authentication method by machine ID according to this
invention, as applied to the configuration of drawing 2. The client authentication table contains,
for authentication, the authorized user ID (31), the password (32), and the list of jobs whose
execution is permitted (33). The client authentication table is held in the database 16 of drawing
2 and is loaded into main memory as one of the server information management tables 17 when it is
accessed.

[0019] Drawing 4 is an example of the machine ID managed table used to authenticate the machine ID
sent from the client in the authentication method by machine ID according to this invention, as
applied to the configuration of drawing 2. The machine ID managed table contains the machine ID (41)
assigned to each client machine, and the user ID (42) and password (43) of the requester at the time
the machine ID was assigned. The machine ID managed table is held in the database 16 of drawing 2
and is loaded into main memory as one of the server information management tables 17 when it is
accessed.

[0020] Drawing 5 shows the procedure by which the client 21, connected through the network 11 as in
drawing 2, is authenticated by the server 12 using the authentication method by machine ID
according to this invention and receives distribution of the program data it requests. As shown in
this drawing, a client user or the setup manager of the client machine first enters a user ID and
password at the client 21 (S1). At the time of the first distribution request, the client 21
encrypts the entered user ID and password and transmits them to the server 12 (S2). "The first
time" means the time when a program or data is distributed to the client and set up on it for the
very first time. That is, when a program or data is first set up, authentication is by user ID and
password, and thereafter authentication is by machine ID as described later. The encryption method
may be an international-standard method or a proprietary data scramble method.
[0021] The server 12, on receiving the user ID and password, decrypts them and confirms whether the
user ID and password are registered in the client authentication table (drawing 3) in the database
16 or in the server information management table 17 in internal memory, and whether "distribution"
is included in the permitted jobs (S3). If the check shows that the user ID and password match the
registered ones and distribution is permitted, the server authenticates the client as legitimate,
assigns a unique machine ID, and registers that machine ID together with the authenticated user ID
and password in the machine ID managed table (drawing 4) in the database 16 or in the server
information management table 17 in internal memory (S3). In this case, even if a machine ID has
already been assigned for the received user ID and password, a new unique machine ID can be
assigned. The encryption method may be an international-standard method or a proprietary data
scramble method.
[0022] Next, the server 12 encrypts the assigned machine ID and transmits it to the client 21 (S4).
If the user ID and password do not match the registered ones, the server notifies the client 21
that authentication failed.

[0023] The client 21, having been authenticated successfully and having received the unique machine
ID, decrypts it and holds it in the client information management table 24 (S5).
[0024] The client 21 then attaches the machine ID and transmits a distribution request for a
program or data to the server 12 (S6). Once a machine ID has been assigned, the client only needs
to attach the machine ID to the distribution request whenever it requests distribution of programs
or data from the server. For example, a program can schedule automatic retrieval of the machine ID
held in the client information management table 24 and transmission of a distribution request with
that machine ID attached at a time when traffic is light, such as midnight. The distribution
request with the machine ID attached can be issued automatically even when no one is logged in, for
example.

[0025] The server 12, on receiving a distribution request with a machine ID attached, confirms
whether that machine ID is registered in the machine ID managed table (drawing 4) in the database 16
or in the server information management table 17 in internal memory (S7). If the check shows that
it matches a registered machine ID, the server authenticates the client as legitimate (S7). At this
time, the server looks up the requesting user ID corresponding to that machine ID in the machine ID
managed table (drawing 4), obtains the jobs permitted to that user from the client authentication
table (drawing 3), and confirms whether the job requested by the client is permitted. If the
requested job, here the distribution of programs and data, is permitted, the server distributes the
requested programs and data to the client 21 concerned (S8).
[0026] Drawing 6 shows the procedure by which the client 21, connected through the network 11 as in
drawing 2, after being authenticated by the server 12 using the authentication method by machine ID
according to this invention, takes a backup of the machine ID it received and recovers the machine
ID from that backup. As shown in this drawing, steps S11-S14 are the same as S1-S4 of drawing 5, so
their explanation is omitted.

[0027] The client 21, having been authenticated successfully and having received the unique machine
ID, decrypts it and backs it up to an external device such as an FD (S15). The FD holding the
machine ID backup is kept by the client user concerned.

[0028] When the assigned machine ID is destroyed, for example by a crash of the client machine, or
when the client user changes the machine in use, the machine ID already authenticated by the server
is recovered from the external device, such as the FD, on which it was backed up (S16). Thereafter,
when a distribution request is transmitted to the server 12, the recovered machine ID is attached
to it (S17). Processing of S17-S19 is the same as S6-S8 of drawing 5.
[0029] Drawing 7 shows, for the case where the client 21 connected through the network 11 as in
drawing 2 has been authenticated by the server 12 using the authentication method by machine ID
according to this invention and the client machine is later disposed of or the like, the procedure
by which the client 21 requests the server 12 to delete the machine ID and the procedure by which
the machine ID is deleted from the server 12 side. As shown in this drawing, steps S21-S24 are the
same as S1-S4 of drawing 5, so their explanation is omitted.

[0030] When, after the client 21 has been authenticated successfully and has received the unique
machine ID, a need such as disposal of the client machine arises, the client user or the setup
manager of the client machine uses the operating station to request that the server side delete the
machine ID assigned to that machine (S25). In response to this direction, the client 21 transmits
the machine ID deletion request to the server 12 (S26).

[0031] The server 12, on receiving the machine ID deletion request, confirms whether that machine ID
is registered in the machine ID managed table (drawing 4) in the database 16 or in the server
information management table 17 in internal memory, and if it is registered, deletes the
corresponding machine ID (S27). Having deleted the machine ID, the server 12 notifies the client 21
of the deletion (S28).

[0032] On the other hand, when the machine ID deletion request cannot be issued from the client
machine concerned, for example because the client machine has crashed, the system administrator on
the server side requests deletion of the machine ID concerned directly from the operating station
of the server 12 (S29). The server 12, on receiving the deletion request, confirms whether the
machine ID whose deletion was requested is registered in the machine ID managed table (drawing 4)
in the database 16 or in the server information management table 17 in internal memory, and if it
exists, deletes the corresponding machine ID (S30). Having deleted the machine ID, the server 12
reports the deletion on the operating station of the server-side system administrator (S31).
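
The server-side steps described above (S2-S4 assignment, S7-S8 request handling, S27/S30 deletion),
modelled as an added example that is not part of the patent text. The class and function names are
hypothetical; keeping a salted password hash and only a digest of each machine ID are assumptions of
this example (drawings 3 and 4 hold the values themselves), and encryption in transit is left out.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 in place of the password column (32) of drawing 3.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _digest(machine_id: str) -> str:
    # Assumption: the server keeps a digest, so a copy of the table is not a set of usable IDs.
    return hashlib.sha256(machine_id.encode()).hexdigest()


class AuthServer:
    """Hypothetical model of server 12 holding the tables of drawings 3 and 4."""

    def __init__(self):
        self.users = {}        # drawing 3: user ID -> (salt, password hash, permitted jobs)
        self.machine_ids = {}  # drawing 4: machine ID digest -> user ID at assignment time

    def add_user(self, user_id, password, jobs):
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, _pw_hash(password, salt), set(jobs))

    def enroll(self, user_id, password, job="distribution"):
        """S2-S4: check user ID/password and the permitted job, then assign a machine ID."""
        entry = self.users.get(user_id)
        if entry is None:
            return None
        salt, stored, jobs = entry
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        if job not in jobs:
            return None
        machine_id = secrets.token_hex(16)  # a new unique ID on every assignment ([0021])
        self.machine_ids[_digest(machine_id)] = user_id
        return machine_id

    def request_job(self, machine_id, job):
        """S7-S8: authenticate the machine ID, then authorize the job for its user."""
        user_id = self.machine_ids.get(_digest(machine_id))
        if user_id is None:
            return False  # unknown or deleted machine ID
        entry = self.users.get(user_id)
        return entry is not None and job in entry[2]

    def delete_machine_id(self, machine_id):
        """S27/S30: delete the machine ID if it is registered."""
        return self.machine_ids.pop(_digest(machine_id), None) is not None


def demo():
    server = AuthServer()
    # Constructed sample user; not data from the patent.
    server.add_user("user01", "constructed-password", ["distribution"])
    r = {}
    r["bad_password"] = server.enroll("user01", "wrong-password")
    mid = server.enroll("user01", "constructed-password")
    mid2 = server.enroll("user01", "constructed-password")
    r["issued"] = mid is not None
    r["distinct_ids"] = mid != mid2
    r["night_request"] = server.request_job(mid, "distribution")  # no log-in involved
    r["other_job"] = server.request_job(mid, "administration")    # not in the permitted list
    r["unknown_id"] = server.request_job("0" * 32, "distribution")
    # The job check runs on every request, so removing the permission takes effect at once.
    server.users["user01"][2].discard("distribution")
    r["after_permission_removed"] = server.request_job(mid, "distribution")
    server.users["user01"][2].add("distribution")
    r["deleted"] = server.delete_machine_id(mid)
    r["after_delete"] = server.request_job(mid, "distribution")
    r["second_id_still_valid"] = server.request_job(mid2, "distribution")
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the machine ID alone authenticates later requests, the deletion path is the only way to
withdraw a copy held on a lost machine or backup medium.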

[0033] According to the embodiment described above, the server that receives a machine ID
identifies the requesting user at the time that machine ID was assigned and confirms whether the
requested job is one permitted to that user, so the server can execute the job as a job execution
request from the user concerned.
[0034] Furthermore, even when a client to which the authenticating computer once assigned a machine
ID crashes, recovering the machine ID from a backup taken beforehand on an external device such as
an FD makes it unnecessary for the client to re-acquire a machine ID with the user ID and password
or with a certificate.

[0035] Moreover, when a client to which the server once assigned a machine ID crashes or is
disposed of, the machine ID can be deleted by an operation from the server side or the client side,
so that a machine ID that is no longer needed does not remain on the server side.
[0036] Although the embodiment described above explained an example in which the first
authentication is performed with a user ID and password, authentication by certificate may be used
instead of authentication with a user ID and password. A certificate is, for example, data in which
the public key of the certificate's owner, together with some information such as the user ID, has
been encrypted using the private key of a certificate authority (data put into a form that cannot
be forged, by a so-called digital signature). Others can confirm the validity of the certificate by
checking its digital signature with the certificate (public key) of the certificate authority.
[0037] 

[Effect of the Invention] According to this invention, in an authentication method for job
execution requests sent to a server machine from client machines distributed over a network, a
client machine that was authenticated with a user ID and password on its first request to the
server is authenticated for the second and subsequent job execution requests using the machine ID
assigned at that first authentication, so the log-in operation with the user ID and password
becomes unnecessary for every job execution request. Therefore, operatorless operation becomes
possible even for distribution at night to an unattended terminal that requires authentication,
without resorting to approaches that pose operational or security problems: having the operator log
in in the middle of the night to request job execution from the server, or leaving the client
machine in the logged-in state with the authenticated user ID and password overnight and requesting
job execution at an arbitrary time. Moreover, the server side can authenticate not the user
(person) of a client but the client computer itself.
DESCRIPTION OF DRAWINGS



[Brief Description of the Drawings] 

[Drawing 1] A client/server system configuration diagram for performing authentication by the
machine ID of this invention.

[Drawing 2] A block diagram of one embodiment of this invention in which one server is connected to
one client over a network.

[Drawing 3] An explanatory view showing an example of the client authentication table recorded in
the database or server information management table in drawing 2.

[Drawing 4] An explanatory view showing an example of the machine ID managed table recorded in the
database or server information management table in drawing 2.

[Drawing 5] An explanatory view showing the basic operation sequence of this embodiment.

[Drawing 6] An explanatory view showing the sequence of backup and recovery of the machine ID in
this embodiment.

[Drawing 7] An explanatory view showing the sequence of deletion of the machine ID in this
embodiment.
[Description of Notations] 

1, 12: Server; 2: Section server; 3, 21: Client; 11: Network; 13: Client authentication processing
section; 14: Machine ID control section; 15: Program data transmitting processing section; 16:
Database; 17: Server information management table; 18: Managed table access section; 19, 28:
Operating station; 22: Client authentication demand section; 23: Machine ID deletion demand
section; 24: Client information management table; 25: Backup acquisition section / recovery
section; 26: Program data reception section; 27: External device.